[sork] passwd question

Craig White craigwhite at azapple.com
Fri Jun 20 15:37:06 UTC 2008


On Fri, 2008-06-20 at 16:54 +0200, Jan Schneider wrote:
> Quoting Craig White <craigwhite at azapple.com>:
> 
> > On Thu, 2008-06-19 at 13:30 -0700, Craig White wrote:
> >> For the first time, I downloaded and installed Passwd (3.0.1 I think it is -
> >> and latest Horde Release 3.2.1)
> >>
> >> I commented all items of backends.php out except for smbldap and
> >> configured it to work as I would expect.
> >>
> >> I chose the smbldap because I would like it to change userPassword,
> >> sambaLMPassword, sambaNTPassword attributes (the sambaLMPassword is
> >> probably unnecessary but anyway)...
> >>
> >> I gave it my old and new passwords and I get this message on screen...
> >>
> >> Failure in changing password on Samba/LDAP Server: Insufficient access
> >>
> >> but all three passwords (userPassword, sambaLMPassword and
> >> sambaNTPassword) seemed to have changed anyway.
> >>
> >> This is the ACL I'm using in LDAP...does this pose a problem?
> >>
> >> access to attrs=userPassword,sambaNTPassword,sambaLMPassword
> >>         by dn.exact="uid=admin,ou=People,dc=example,dc=com" write
> >>         by self write
> >>         by anonymous auth
> >>         by * none
> >>
> >> I've been using this ACL for a pretty long time in a number of
> >> locations...
> > ----
> > I almost suspect that this occurs because of a note in backends.php...
> >
> > // NOTE: to set the ldap userdn, see horde/config/hooks.php
> >
> > but I don't see anything specifically in hooks.php that refers to the
> > userdn at all and I do have some hooks that get the cn and mail
> > attributes.
> >
> > So I am using the 'realm' attribute to provide the rest of the $userdn
> > and I suspect that this is why I am getting the error - even though it
> > actually changes all the passwords.
> >
> > If in fact, I grep for userdn in horde/config/hooks.php.dist, I get
> > nothing at all.
> >
> > Should I write some kind of custom hook to return the actual userdn?
> > Does something like this already exist?
> 
> The hook has been moved to Passwd, so grab a hook.php.dist copy either  
> from Horde 3.1.x or from Passwd CVS HEAD.
----
OK - set 'realm' in backends.php back to an empty string (again, this is
using the smbldap configuration)

added to horde/config/hooks.php...

if (!function_exists('_passwd_hook_userdn')) {
    function _passwd_hook_userdn($auth)
    {
        return 'uid=' . $auth . ',ou=people,dc=example,dc=com';
    }
}

(uid=craig,ou=people,dc=example,dc=com is my user DN - notwithstanding
the substitution of example)

and logged in, changed my password and the same result...
userPassword was changed
sambaNTPassword was changed
sambaLMPassword was probably changed (I don't use this attribute)
but the screen gave the same error message as above (Insufficient
access)

so it works but it reports a failure and like before, if I click on
something like e-mail which requires login access, it fails and I have
to log in with my changed password.

# cat conf.php
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Horde: passwd/config/conf.xml,v 1.12 2005/10/09 14:48:58 jan Exp $
$conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'nag',
'turba');
$conf['backend']['backend_list'] = 'hidden';
$conf['user']['change'] = true;
$conf['user']['refused'] = array('root', 'bin', 'daemon', 'adm', 'lp',
'shutdown', 'halt', 'uucp', 'ftp', 'anonymous', 'nobody', 'httpd',
'operator', 'guest', 'diginext', 'bind', 'cyrus', 'courier', 'games',
'kmem', 'mailnull', 'man', 'mysql', 'news', 'postfix', 'sshd', 'tty',
'www');
$conf['password']['strengthtests'] = false;
$conf['hooks']['full_name'] = true;
$conf['hooks']['default_username'] = false;
$conf['hooks']['username'] = false;
$conf['hooks']['userdn'] = true;

Thanks

Craig
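
Added example, not part of the original message and not Horde's own code: a variant of the `_passwd_hook_userdn` hook above that escapes RFC 4514 special characters in the login name before it is concatenated into the DN. The helper name `_example_escape_rdn_value` is hypothetical and the base DN is the example one from the message; `ldap_escape()` needs PHP 5.6 or later with the LDAP extension, so a fallback is included.

```php
<?php
// Added example, not Horde or Passwd code.
// Assumptions: the base DN is the example one from the message, and
// _example_escape_rdn_value() is a hypothetical helper name.

if (!function_exists('_example_escape_rdn_value')) {
    function _example_escape_rdn_value($value)
    {
        // PHP >= 5.6 with the LDAP extension has a built-in DN escaper.
        if (function_exists('ldap_escape')) {
            return ldap_escape($value, '', LDAP_ESCAPE_DN);
        }

        // Fallback: hex-escape the RFC 4514 special characters.
        $value = preg_replace_callback(
            '/[\x00"#+,;<=>\\\\]/',
            function ($m) {
                return sprintf('\\%02x', ord($m[0]));
            },
            $value
        );

        // A leading or trailing space must be escaped as well.
        if ($value !== '' && $value[0] === ' ') {
            $value = '\\20' . substr($value, 1);
        }
        if (substr($value, -1) === ' ') {
            $value = substr($value, 0, -1) . '\\20';
        }
        return $value;
    }
}

if (!function_exists('_passwd_hook_userdn')) {
    function _passwd_hook_userdn($auth)
    {
        // A login name containing ',' or '=' stays inside the uid value
        // instead of changing the structure of the returned DN.
        return 'uid=' . _example_escape_rdn_value((string) $auth)
            . ',ou=people,dc=example,dc=com';
    }
}
```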


